AMENDMENTS TO THE CLAIMS 



1 . (Currently Amended) A method of associating a permission set with a 
code assembly based on evidence characterized by different levels of trust, the 
method implemented at least in part by a computing device comprising: 

identifying a first condition for association with the permission set, wherein the 
first condition references a first element of evidence, wherein the first element of 
evidence is implicitly trusted and wherein the permission set is used to control 
operation of the code assembly during run-time; 

identifying a second condition for association with the permission set, wherein 
the second condition references a second element of evidence, wherein the second 
element of evidence is initially untrusted; 

determining whether the first condition is satisfied by the first element of 
-evidence; 

determining whether the second element of evidence should be trusted based 
on the first condition; 

determining whether the second condition is satisfied by the second element of 
evidence; and 

associating the permission set with the code assembly, if both the first 
condition and the second condition are satisfied; 

evaluating the first condition and the second condition using a logical 
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operation to determine membership of the code assembly in a parent code group; and 

evaluating the code assembly against membership criteria of a child code 
group if the code assembly is a member of the parent code group . 

2. (Previously Presented) The method of claim 1 wherein the operation of 
receiving a first condition comprises: 

receiving the first condition and the first element of evidence within a 
membership criterion. 

3. (Previously Presented) The method of claim 1 wherein the operation of 
receiving a second condition comprises: 

receiving the second condition and the second element of evidence within a 
membership criterion. 

4. (Previously Presented) The method of claim 1 wherein the operation of 
receiving a first condition comprises: 

receiving the first condition in a membership criterion; and 
receiving the first element of evidence based on a reference included in the 
membership criterion. 

5. (Previously Presented) The method of claim 1 wherein the operation of 
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receiving a second condition comprises: 

receiving the second condition in a membership criterion; and 

receiving the second element of evidence based on a reference included in the 

membership criterion. 

6-7. (Cancelled) 

8. (Original) The method of claim 1 further comprising: 

generating a collection of code groups, each code group being associated with 
a membership criterion and a permission set, wherein the first condition and the 
second condition are received in the membership criterion associated with one of the 
code groups; and 

determining whether the code assembly is a member of the code group, based 
on the membership criterion. 

9. (Original) The method of claim 8 wherein the associating operation 
comprises: 

associating the permission set of the code group with the code assembly, if the 
code assembly is determined to be a member of the code group. 

10. (Previously Presented) The method of claim 1 further comprising: 
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receiving at least a third condition referencing a third element of evidence, 
wherein the third element is initially vmtrusted; 

determining whether the third element of evidence should be trusted based on 
the second condition; and 

determining whether the third condition is satisfied by the third element of the 
evidence, wherein the associating operation comprises associating the permission set 
with the code assembly, if the first condition, the second condition, and the third 
condition are satisfied. 

11. (Currently Amended) One or more computer-readable media having 
instructions that, when executed on one or more processors perform a process for 
associating a permission set with a code assembly based on evidence characterized by 
different levels of trust comprising: 

generating a collection of code groups, wherein each code group is used to 
define a category of related code assemblies, each code group being associated with a 
membership criterion and a permission set used to control operation of the code 
assembly during run-time; 

receiving the membership criterion associated with a parent one of the code 
group groups, the membership criterion including at least a first condition and a 
second condition; 

referencing a first element of evidence in the first condition, wherein the first 
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element of evidence is trusted independent of other evidence and conditions; 

referencing a second element of evidence in the second condition, wherein the 
second element of evidence is initially untrusted; 

determining whether the first condition is satisfied by the first element of 
evidence; 

determining whether the second element of evidence should be trusted based 
on the first condition; 

determining whether the second condition is satisfied by the second element of 
evidence; 

evaluating the first condition and the second condition using a logical 
operation to determine membership of the code assembly in the parent code group; 

if the code assembly is a member of the parent code group, evaluating the code 
assembly against membership criteria of a child code group; and 

associating the permission set with the code assembly, if the code assembly is 
determined to be a member of the parent code group. 



12. (Previously presented) One or more computer-readable media 
according to claim 1 1 where in the computer process further comprises: 

receiving at least a third condition referencing a third element of evidence, 
wherein the third element is initially untrusted; 

determining whether the third element of evidence should be trusted based on 
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the second condition; and 

determining whether the third condition is satisfied by the third element of 
evidence, wherein the associating operation comprises associating the permission set 
with the code assembly, if the first condition, the second condition, and the third 
condition are satisfied. 

13. (Currently Amended) One or more computer-readable media having 
computer-executable instructions for performing a method of associating a permission 
set with a code assembly based on evidence characterized by different levels of trust 
comprising: 

receiving a first condition referencing a first element of evidence, wherein the 
first condition is associated with the permission set and the first element of evidence 
is trusted independent of other evidence and conditions; 

receiving a second condition referencing a second element of evidence, 
wherein the second condition is associated with the permission set and the second 
element is initially untrusted; 

determining whether the first condition is satisfied by the first element of 
evidence; 

determining whether the second element should be trusted based on the first 
condition; 

determining whether the second condition is satisfied by the second element of 
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evidence; 

evaluating the first condition and the second condition using a logical 
o peration to determine membership of the code assembly in a parent code group; and 

associating the permission set with the code assembly, if both the first and 
second conditions are satisfied, wherein the permission set is used to control operation 
of the code assembly during run- time ; and 

if the code assembly is a member of the parent code group, evaluating the code 
assembly against membership criteria of a child code group . 

14. (Currently Amended) One or more computer-readable media having 
instructions that, when executed on one or more computing processors, perform a 
process for associating a permission set with a code assembly based on evidence 
characterized by different levels of trust comprising: 

receiving at least a first condition referencing a first element of evidence, 
wherein the first condition is associated with the permission set and the first element 
of evidence is trusted independent of other evidence and conditions; 

receiving at least a second condition referencing a second element of evidence, 
wherein the second condition is associated with the permission set and the second 
element is initially untrusted; 

determining whether the first condition is satisfied by the first element of 
evidence; 
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determining whether the second element of evidence should be trusted based 
on the first condition; 

determining whether the second condition is satisfied by the second element of 
evidence; and 

associating the permission set with the code assembly, if both the first and 
second conditions are satisfied, wherein the permission set is used to control operation 
of the code assembly during run-time ; and 

evaluating the first condition and the second condition using a logical 
operation to determine membership of the code assembly in a parent code group, and 
if a member, evaluating the code assembly against membership criteria of a child code 
group . 

15. (Currently Amended) A policy manager for associating a permission 
set with a code assembly based on evidence characterized by different levels of trust, 
the policy manager implemented by one or more computing devices comprising: 

a code collection generator generating a collection of code groups, wherein 
each code group is used to define a category of related code assemblies, each code 
group being associated with the membership criterion and a permission set used to 
control operation of the code assembly during run-time; 

a membership evaluator determining if the code assembly is a member of 
[[the]] a parent said code group by evaluating at least a first condition and a second 
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condition associated with the parent said code group on e of the code groups , and if so, 
evaluating membership of the code assembly in a child said code group , the first 
condition referencing an implicitly trusted first element of evidence; the second 
condition referencing an initially untrusted second element of evidence, wherein a 
determination of trust associated with the second element of evidence is based on the 
first condition; and 

a permission set generator associating the permission set of the parent said 
code group with the code assembly, if the code assembly is determined to be a 
member of the parent said code group. 

16. (Previously Presented) The policy manager of claim 15 wherein the 
membership evaluator further receives at least a third condition referencing an 
initially untrusted third element of evidence, wherein the third condition is associated 
with the permission set and a determination of trust associated with the third element 
of evidence is dependent upon the second condition, and determines whether the third 
condition is satisfied by the third element of evidence, and 

wherein the permission set generator associates the permission set with the 
code assembly, if the first condition, the second conditioned, and the third conditions 
are satisfied. 

17. (Currently Amended) One or more computer-readable media having 
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instructions that, when executed on one or more processors, perform a process for 
associating a permission set with a code assembly based on evidence characterized by 
different levels of trust, the computer process comprising: 

receiving one or more first conditions, each first condition being associated 
with one or more first elements of evidence, wherein each first condition is associated 
with the permission set used to control operation of the code assembly during run- 
time; 

determining whether each first condition is satisfied by an associated first 
element of evidence; 

generating an indication for each first condition that is satisfied; 

receiving a second condition associated with the permission set; 

determining whether the second condition is satisfied based on the indications, 
wherein a level of trust associated with the indications depends upon a first condition 
of the one or more first conditions; 

evaluating the first condition and the second condition using a logical 
operation to determine membership of the code assembly in a parent code group; 

evaluating the code assembly against membership criteria of a child code 
group if the code assembly is a member of the parent code group; and 

associating the permission set with the code assembly, if both the first 
condition in the second condition are satisfied. 
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18. (Currently amended) One or more computer-readable media according 
to claim 17 wherein the indication is associated with [[the]] a first value associated 
with the first condition, and the operation of determining whether the second 
condition is satisfied comprises: 

collecting [[a]] the first value and additional values associated with other 
satisfied conditions to provide collected values; 

summing the collected values to provide a sum; and 

evaluating the sum against a threshold to determine whether the second 
condition is satisfied. 

19. (Previously presented) One or more computer-readable media 
according to claim 17 wherein at least one first element of evidence includes initially 
untrusted evidence. 

20. (Previously presented) One or more computer-readable media 
according to claims 17 wherein at least one indication includes initially untrusted 
evidence. 

21. (Previously presented) One or more computer-readable media 
according to claim 17 wherein the computer process further comprises: 
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generating an indication for each first condition that is not satisfied. 
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